pentaho-platform

Batik 1.9.1 vulnerability (CVE-2020-11987) in kettle-core

Status: Open. mariusssi opened this issue 2 years ago • 0 comments

I have had this CVE reported in my application for about 1 year (on 9.3.0.0-428): https://github.com/advisories/GHSA-2h63-qp69-fwvw (High Severity). Would need batik 1.14+.

Wanted to upgrade, but it's the same version in latest. See also https://mvnrepository.com/artifact/pentaho-kettle/kettle-core/9.4.0.0-294

Any reason why this lib didn't get updated until now? Does it not apply maybe?

mariusssi, Nov 02 '22 10:11